Freeradius 2.0 with Activedirectory Integration Failed

Andy Ng nding at
Mon Nov 10 08:22:17 CET 2008

Anders Holm-3 wrote:
> You have two errors to fix...
> This;
>>>> /usr/local/etc/raddb/users[1]: Parse error (check) for entry  
>>>> Unknown value ntlm_auth for attribute Auth-Type
> And this:
>>>> Errors reading /usr/local/etc/raddb/users
>>>> /usr/local/etc/raddb/modules/files[7]: Instantiation failed for  
>>>> module
>>>> "files"
>>>> /usr/local/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find
>> module
>>>> "files".
>>>> /usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing
>>>> authorize section.
>>>> }
>>>> }
>>>> Errors initializing modules
>>>> It seems like it require an external ntlm_auth to execute, rather  
>>>> than one
>>>> that is embedded in MSCHAP module.
>>> Well, yes. You said you were following the instructions in
>>> That's one of the steps. Just add ntlm_auth to authenticate in both
>>> virtual servers (default and inner-tunnel).
> Is this the step you are struggling with?
>> The URL that I was following is using freeradius 1.x
> A lot of the documentation on the site is for 1.x so when you have  
> figured things out, documenting it is a geeat way to return something  
> to the project
>> Now, I am using freeradius 2.x, and thus I skipped the creation of  
>> "exec
>> ntlm_auth"
>> Furthermore, I do not know how to do so...
> If the docs don't give an example, this is your chance to help getting  
> it updated.
>> I tried to add it to the "exec" file in the module directory, but it  
>> didn't
>> work.
>> The error is still reported to be the same.
> Well, yes, as it is still the same problem.
>> Should I fall back to freeradius 1.x instead?
> No.
> -
> List info/subscribe/unsubscribe? See

Hi Anders,

The problems that you have highlighted are the ones that I have having :-)

I added "exec ntlm_auth" into the exec file in the modules folder, and as
Ivan has recommended, I added a line to the users file.

The next step is to make exec ntlm_auth recognized by the radius

Currently, there are some questions that are going on in my head...
1. Must the ntlm_auth be placed in modules or in radiusd.conf?
If the configuration exec ntlm_auth is to be placed in modules, which

2. In the URL, that indicated that I must input ntlm_auth into the
authenticate routine in freeradius 1.x, but freeradius 2.x is all separated,
any idea which is the one that I should placed into?

I will do some trial and error on my end though...
And I think that after being successful on this, I will need help from you
guys to get this documented, I think that freeradius 2.x has very little
documentation, and not many will be willing to take the plunge to 2.x...



View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list